@sross-7 If you're comfortable doing so can you to take the fix (I'll attach my version to be sure we're talking about the same fix) and cut a websockify v0.6.1 release?
A quick grep of the master branches shows:
$ grep websockify */*/requirements.txt
openstack/ironic/requirements.txt:websockify>=0.6.0,<0.7
openstack/nova/requirements.txt:websockify>=0.6.0,<0.7
stackforge/nova-solver-scheduler/requirements.txt:websockify>=0.5.1,<0.6
So cutting v0.6.1 would leave nova-solver-scheduler vulnerable but AFAICT it doesn't actually use websockify :/
Do we want to add a symlink workaround? Do we have a good way to work with packagers to do that?
@sross-7 If you're comfortable doing so can you to take the fix (I'll attach my version to be sure we're talking about the same fix) and cut a websockify v0.6.1 release?
A quick grep of the master branches shows: s.txt ironic/ requirements. txt:websockify> =0.6.0, <0.7 nova/requiremen ts.txt: websockify> =0.6.0, <0.7 nova-solver- scheduler/ requirements. txt:websockify> =0.5.1, <0.6
$ grep websockify */*/requirement
openstack/
openstack/
stackforge/
So cutting v0.6.1 would leave nova-solver- scheduler vulnerable but AFAICT it doesn't actually use websockify :/
Do we want to add a symlink workaround? Do we have a good way to work with packagers to do that?